CERTICOM'S ECC ENCRYPTION UNIQUELY SUITED TO US GOVERNMENT'S STANDARD FOR GLOBAL INFORMATION SECURITY

HAYWARD, Calif., December 11, 2001 - The U.S. Commerce Department's adoption of a new Advanced Encryption Standard (AES) on Dec. 4 as Federal Information Processing Standard 197, sets a new benchmark for global information security, according to Certicom (Nasdaq: CERT; TSE: CIC), a leading provider of mobile e-business security. AES is a symmetric-key algorithm that replaces the long-standing Data Encryption Standard (DES), and is the culmination of a four-year effort by computer scientists at the Commerce Department's National Institute of Standards and Technology (NIST) to achieve a highly secure algorithm. 

Certicom's Elliptic Curve Cryptography (ECC) is a complementary public-key algorithm that is uniquely suited among public-key cryptosystems to provide strong security for use with the new AES. Although DES has been widely used since the mid-1970's, its small key size of 56 bits makes it inadequate for most present-day security applications. The AES algorithm has key sizes of 128, 192, and 256 bits, which provide increased security. 

Security solutions, such as security protocols on the Internet, employ a combination of symmetric-key algorithms, like the AES, and public-key algorithms, like ECC, to ensure secure communications. Security solutions are only as strong as their weakest component, so public-key algorithms offering comparable security to AES must be deployed. ECC 512-bit keys can provide comparable security to 256-bit AES; by comparison, other public-key systems like the RSA algorithm will require more than 15,000-bit keys for the same job. At a 256-bit AES key size, an ECC signature can be created approximately 500 times more quickly than an RSA signature. Smaller ECC keys mean lower processing power, storage space, and bandwidth are required, enabling developers to meet the future security requirements for mobile devices. 

About Certicom
Certicom is a leading provider of information security software and services, specializing in solutions for mobile e-business. The company's products and services are specifically designed to address the challenges imposed by a wireless data environment. Certicom's solutions incorporate its efficient encryption technology and are based on industry standards for information security that utilize public-key cryptography. Certicom's products are currently licensed to more than 200 customers including Cisco Systems, Inc., Handspring Inc., Motorola, Inc., Nortel Networks, Openwave Systems, Inc., Palm, Inc., QUALCOMM, Inc., Research In Motion Ltd., Sony International (Europe) GmbH and Verizon Communications Inc. Certicom's headquarters and worldwide sales and marketing operations are based in the Silicon Valley in Hayward. For more information, visit Certicom's Web site at http://www.certicom.com

Except for historical information contained herein, this press release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer's products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom's financial results is included in the documents Certicom files from time to time with the Securities and Exchange Commission and Canadian securities regulatory authorities. 

For interviews with Certicom security experts, please contact: 

Lorraine Kauffman Carol Paterson
Corporate Communications Lois Paul & Partners (for Certicom)
Certicom Corp. (415) 262-1908
(510) 780-5417 carol_paterson@lpp.com
lkauffman@certicom.com  
   
Rebecca Krueger  
Lois Paul & Partners (for Certicom)  
(415) 262-1904  
Rebecca_Krueger@lpp.com